Package        : libvncserver
Version        : 0.9.9+dfsg-1+deb7u2
CVE IDs        : CVE-2016-9941, CVE-2016-9942
Debian Bugs    : #850007, #850008

It was discovered that there were two vulnerabilities in libvncserver, a
library to create/embed a VNC server:

 * CVE-2016-9941: Fix a heap-based buffer overflow that allows remote
   servers to cause a denial of service via a crafted FramebufferUpdate
   message containing a subrectangle outside of the drawing area.

 * CVE-2016-9942: Fix a heap-based buffer overflow that allows remote
   servers to cause a denial of service via a crafted FramebufferUpdate
   message with the "Ultra" type tile such that the LZO decompressed
   payload exceeds the size of the tile dimensions.

For Debian 7 "Wheezy", these issues have been fixed in libvncserver version
0.9.9+dfsg-1+deb7u2.

We recommend that you upgrade your libvncserver packages.

Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org / chris-lamb.co.uk
       `-
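
The two bounds checks that these CVE descriptions call for, as an added example that is not libvncserver's code or the Debian patch. The type and function names are hypothetical, and it assumes subrectangle coordinates are relative to the containing tile.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical type and function names, for illustration only. */
typedef struct { uint16_t x, y, w, h; } rect_t;

/* CVE-2016-9941 class: a rectangle must lie inside the w x h area that
 * contains it. Fields are 16-bit, so 32-bit sums cannot wrap around. */
bool rect_inside(const rect_t *r, uint32_t area_w, uint32_t area_h)
{
    return (uint32_t)r->x + r->w <= area_w &&
           (uint32_t)r->y + r->h <= area_h;
}

/* Bytes a tile occupies in the framebuffer; 64-bit so the product of two
 * 16-bit dimensions and the pixel size cannot overflow. */
uint64_t tile_bytes(const rect_t *tile, unsigned bytes_per_pixel)
{
    return (uint64_t)tile->w * tile->h * bytes_per_pixel;
}

/* CVE-2016-9942 class: the decompressed length must not exceed what the
 * tile dimensions allow. Use the same limit as the output capacity given
 * to a bounds-checked decompressor. */
bool decompressed_fits(const rect_t *tile, unsigned bytes_per_pixel,
                       uint64_t decompressed_len)
{
    return decompressed_len <= tile_bytes(tile, bytes_per_pixel);
}

int main(void)
{
    /* Constructed sample values, not captured traffic. */
    rect_t tile = {10, 10, 16, 16};
    rect_t sub_ok = {8, 8, 8, 8}, sub_bad = {12, 0, 8, 4};

    printf("tile in 64x64 area: %d\n", rect_inside(&tile, 64, 64));
    printf("sub_ok in tile:     %d\n", rect_inside(&sub_ok, tile.w, tile.h));
    printf("sub_bad in tile:    %d\n", rect_inside(&sub_bad, tile.w, tile.h));
    printf("1025 B fit 16x16x4: %d\n", decompressed_fits(&tile, 4, 1025));
    return 0;
}
```

A client should reject the update and drop the connection when either check fails, before any pixel data is copied.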